Lucene search
K

131 matches found

OSV
OSV
added 2026/07/06 9:49 p.m.3 views

GHSA-473P-56XX-VG67 Kiwi TCMS vulnerable to stored XSS via JavaScript: URI in extra_link field (TestPlan & TestCase)

Summary In Kiwi TCMS the fields TestCase.extralink and TestPlan.extralink were meant to represent URLs to external resources however in versions prior to 16.1 user input was not being sanitized and values were rendered verbatim which represents an opportunity for cross-site scripting exploitation...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/07/06 9:27 p.m.5 views

GHSA-HMJ5-JM8H-H9FH Kiwi TCMS has an Open Redirect via unvalidated next parameter in account confirmation endpoint

Summary An open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an arbitrary external domain. The attack surface is particularly relevant for phishing campaigns...

6.1CVSS6.1AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:1 a.m.12 views

CVE-2023-25156

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a...

9.8CVSS6.6AI score0.00902EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-26613

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00681EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-1663

Malicious code in bioql PyPI...

8.1CVSS6.3AI score0.0087EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-0650

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00902EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0835

Malicious code in bioql PyPI...

7.6CVSS6.2AI score0.00485EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2023-1647

Malicious code in bioql PyPI...

8.1CVSS6.3AI score0.00431EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-0656

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00908EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1233

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00419EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-0290

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.03596EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2090

Malicious code in bioql PyPI...

8.1CVSS6.3AI score0.00692EPSS
Exploits1References13
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1299

Malicious code in bioql PyPI...

9CVSS8.9AI score0.01024EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/23 4:45 a.m.7 views

CVE-2023-22451

Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the...

8.8CVSS7AI score0.00681EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:2 a.m.9 views

CVE-2023-36809

Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangero...

8.1CVSS6.7AI score0.00692EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:43 a.m.10 views

CVE-2023-30544

Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the My profile admin page. This page allowed them to change the email address registered with their account without the ownership verification performed...

4.3CVSS6.7AI score0.00419EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:49 a.m.6 views

CVE-2023-32686

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

8.1CVSS7AI score0.00431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:49 a.m.4 views

CVE-2023-30628

Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the changelog.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an attacker-controlle...

8.8CVSS7.5AI score0.03596EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:47 a.m.5 views

CVE-2023-30613

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an .exe file or a file containing embedded...

9CVSS7.4AI score0.01024EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:14 a.m.6 views

CVE-2023-25171

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users...

7.5CVSS6.5AI score0.00908EPSS
Exploits0References1
Rows per page
Query Builder